The free λογισμικό PuTTY μπορεί να χρησιμοποιηθεί για τη δημιουργία συνδέσεων Secure Shell, Telnet, απομακρυσμένης σύνδεσης ή σειριακών διεπαφών με διακομιστή. Ωστόσο, υπάρχει μια κρίσιμη ευπάθεια στο εν λόγω λογισμικό (CVE-2024-31497) που μπορεί να χρησιμοποιηθεί για την αναconstruction ιδιωτικών κλειδιών SSH. Οι εκδόσεις PuTTY 0.68 έως 0.80 καθώς και άλλα productthe (for example o fileZilla) are directly affected by the security gap.
The downside is that simply updating the products is not enough, as the keys may already be leaked.
PuTTY is free software for establishing connections via Secure Shell (SSH), Telnet, etc. It acts as a client and establishes the connection with a server. When the connection is established, the ID card of the user is verified using one of the provided authentication methods.
PuTTY versions 0,68 through 0,80 contain the critical vulnerability (CVE-2024-31497), which allows attackers to reconstruct the NIST P-521 private key using approximately 60 signatures. The vulnerability was discovered by Fabian Bäumer and Marcus Brinkmann (Ruhr University Bochum).
If you are interested in more details you can read the announcement at NIST.
https://nvd.nist.gov/vuln/detail/CVE-2024-31497